not always use template after modification for nginx

[studyfranco]

Hello,

Thank you for this hard work !
I have just an issue. I don't want use 80 and 443, and sometimes use nginx for stream.
I modify the default.conf and the nginx.conf for that. The big problem is at each start the default nginx docker copy all template files.

Is it possible to modify it for don't copy each time the template of default.conf and nginx.conf ?

Best regards

[dune73]

Assigning this to @fzipi.

[fzipi]

Hi @studyfranco!

Just a small question: did you take a look at all the nginx variables you can use?

In particular, setting PORT and SSL_PORT to the ones you want should do the trick.

[studyfranco]

Hi @fzipi !

Yep I look they. But this is not what I need.
My first problem is if I want use stream. You need to create a separate part in nginx.conf:

stream {
    log_format basic '$remote_addr $upstream_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';
    access_log /var/log/nginx/access.log basic;
    server {
        listen       7778;
        listen  [::]:7778;
        listen       7778 udp;
        listen  [::]:7778 udp;

        proxy_pass "192.168.100.2:7778";
        access_log /var/log/nginx/access.log basic;
    }
}

The second point is about the usage of the 443 and 80 port. If I want redirect by "server_name", I can because all my traffic is redirect by default.

My suggestion is: remove the template file, and create a rapid bash script who check if the default.conf and the nginx.conf is here, and copy it if they are present.

[fzipi]

This is easy to override. You just create an environment variable called NGINX_ENVSUBST_TEMPLATE_DIR pointing to a non existing dir, so templates won't be loaded.

And then you just mount your own .conf files.

Another option is to mount that file as /etc/nginx/conf.d/stream.conf, and it should be picked up automatically.

[tboddyspargo]

And then you just mount your own .conf files.

I tried this, but: A) I still want to use templates, and B) I was still hitting issues when mounting /etc/nginx/nginx.conf even in rw due to the use of sed -i in one of the startup scripts...

sed: cannot rename /etc/nginx/nginx.conf: Device or resource busy

Also, since I was mounting my own /etc/nginx/nginx.conf I didn't want the built-in /etc/nginx/templates/nginx.conf.template to be run with envsubst, yet it was.

I'd love it if this image:

• removed /etc/nginx/templates/nginx.conf.template and replaced it with a basic /etc/nginx/nginx.conf (providing documentation for replacing it with a custom one to customize the timeout and worker_connections options, instead of using envsubst)
  • Alternatively, making those options (timeout and worker_connections) part of a separate template would be better than treating the base nginx.conf as a template.
• Avoid using sed -i on any files that might reasonably be mounted.
• Avoid using sed -i if the file doesn't contain the string that will be replaced.

If there's any guidance about how to mount nginx.conf and avoid the Device or resource busy error from sed -i, I'd appreciate it! My work-arounds are getting more and more hacky...

[theseion]

The issue is probably with the 91-update-resolver.sh script, which uses sed to write nginx.conf. I think you could just mount an empty file over that script to make your issue go away. If that's the only issue we could add a new variable to prevent that. If there are more issues we'd need to see what else is necessary.

Using a new variable probably isn't the best approach though, as you might want to provide your own nginx.conf but still want to use the variables the image offers to configure things. I think the solution to this problem would be to move all of the actual configuration out of the nginx.conf file and only use include directives. That way we could always write stuff but use of the configured values can be controlled via a custom nginx.conf. What do you think?

[tboddyspargo]

I think the solution to this problem would be to move all of the actual configuration out of the nginx.conf file and only use include directives. That way we could always write stuff but use of the configured values can be controlled via a custom nginx.conf. What do you think?

I agree, that would be a much better pattern. Although, I would personally advocate for slimming down the templates that already exist. IMO, the more aligned this image can be with the official nginx image (fewer scripts, templates, env vars), the better the experience will be and the less maintenance overhead there would be.

Moving all current ENV var capabilities into templates that are included via a default /etc/nginx/nginx.conf (which can be overwritten safely with a read-only file mount) would be a great start!

[fzipi]

Makes sense to be. Do you want to try sending a PR for this @tboddyspargo ?

[tboddyspargo]

@fzipi - I'm afraid I can't commit to that right now. However, I spoke with my team and I have a colleague who is interested in the opportunity to contribute back to this project! He is out on leave at the moment, but if this can wait a few weeks, he can follow-up when he's back. I'll support him however I can with the implementation details.

[theseion]

We're not in a rush :) Looking forward to hearing from one of you soon.

[fzipi]

Is there any interest in pushing this? Or do we close?

[theseion]

Let's close it. I think we're going in a direction with less variables and more flexibility anyway.